Overview

overview

10

Static

static

10

42.zip

windows11-21h2-x64

7

Resubmissions

19-02-2025 17:11

250219-vqfr8avnat 10

19-02-2025 17:07

250219-vncyjsvpfj 10

Analysis

  • max time kernel
    250s
  • max time network
    202s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250217-en
  • resource tags

    arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    19-02-2025 17:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42.zip

  • Size

    22.9MB

  • MD5

    5eedb850786f0d1e069c18121fa09a9a

  • SHA1

    ba163e5aa48f24c0c978ce0e452f301043529cec

  • SHA256

    efe195f113a0f80089a707bbb884e18015d23003d77f04dd0855e3b0cf86d470

  • SHA512

    c02f483d6a38f021450d224c07890e441da7cf9a69892754ea494d7e3e3c6b92daa873051f217a1ba0f2f096e47f7506de4c93e4ca0cb4bc86b3c0852ca402bc

  • SSDEEP

    393216:RyacqbXFeuBc9Q+Fb6TG4bk95Cj2v7kjnNgAKb8Bb5lsL6u0Xfe9SXtw1:RyObXDBYQw2ThokjbKePu0/w1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\42.zip
    1⤵
      PID:3632
    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3936
    • C:\Windows\system32\BackgroundTransferHost.exe
      "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
      1⤵
      • Modifies registry class
      PID:4484
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3376
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\42\" -spe -an -ai#7zMap16458:62:7zEvent10849
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:5012
      • C:\Users\Admin\Desktop\42\Xworm-V5.6\XWormV5.6.exe
        "C:\Users\Admin\Desktop\42\Xworm-V5.6\XWormV5.6.exe"
        1⤵
        • Executes dropped EXE
        PID:3488

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\ed0198aa-21e0-4b13-bb91-2135562cdd06.down_data
        Filesize

        555KB

        MD5

        5683c0028832cae4ef93ca39c8ac5029

        SHA1

        248755e4e1db552e0b6f8651b04ca6d1b31a86fb

        SHA256

        855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

        SHA512

        aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
        Filesize

        24KB

        MD5

        444bd4af537773f90a95db08f52548b7

        SHA1

        2856c6f6c1bb8e61749953a6d5c2f376c47cef74

        SHA256

        40ac78abec60bb2dc90c860058f7b2398980ea5f72059a19f11c722804b7af9a

        SHA512

        4588a3c9aaaeac67aa8952c4b3bfc00fd6e3544381707320e7a6a846e6ddfe48c6a1191aea341ec80fb18b05c9e759fecc163a660d69d5192fc5b7b8accf95cb

        Download Submit

      • C:\Users\Admin\Desktop\42\Xworm-V5.6\Icons\icon (15).ico
        Filesize

        361KB

        MD5

        e3143e8c70427a56dac73a808cba0c79

        SHA1

        63556c7ad9e778d5bd9092f834b5cc751e419d16

        SHA256

        b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

        SHA512

        74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

        Download Submit

      • C:\Users\Admin\Desktop\42\Xworm-V5.6\XWormV5.6.exe
        Filesize

        6.2MB

        MD5

        27e8fbb578a31b66970970d7080820d5

        SHA1

        0d91aa371783017825c6eb86b56286012e4d33cb

        SHA256

        289a84c4e263e472b30715dfe9f7964ded556e6cae632c7d7e1eb62cdda3700f

        SHA512

        7fa1d06b6e5efcfb217815c4a148bd20ba3b2281462b245cdb3dc781ded7a209a5ee96846115787f01a702dee913a7b152bee9f079369371aca894f393b4fadc

        Download Submit